CVE-2026-0485
7.5 HIGHPublished 2026-02-10 · Modified 2026-02-10 · Received
Quick Summary
An unauthenticated attacker can crash and restart the SAP BusinessObjects Content Management Server by sending it specially crafted network requests. Repeated attacks can cause a complete, persistent service outage, disrupting business intelligence operations.
Who is affected
All unpatched SAP BusinessObjects BI Platform deployments are affected. An attacker can make the core Content Management Server completely unavailable, causing a denial of service.
Recommended fix
Apply the relevant SAP Security Note or patch as provided by SAP. As a temporary mitigation, restrict network access to the CMS to only trusted sources if possible.
Technical Description
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-405